package com.killer.interceptor;

import com.killer.anno.Security;
import com.killer.handler.HandlerInterceptor;
import com.killer.handler.MethodHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;

/**
 * @author ：Killer
 * @date ：Created in 20-10-26 下午3:31
 * @description：${description}
 * @modified By：
 * @version: version
 */
public class SecurityInterceptor implements HandlerInterceptor{
    //这里放进来的handler对象就是对应的MethodHandler对象
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //先将handler进行转化
        MethodHandler methodHandler=(MethodHandler)handler;
        //获取该方法
        Method method = methodHandler.getMethod();
        //获取对应注解
        Security security = method.getAnnotation(Security.class);
        //如果没有该注解,全部放行即可
        if (security == null) {
            return true;
        }
        //获取里面的权限列表
        String[] values=security.value();
        //转成集合
        List<String> permits = Arrays.asList(values);
        //这里做了简单化，直接放到请求参数里面，实际上应该是放到token的
        String name=request.getParameter("name");
        return permits.contains(name);
    }
}
